Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

How to configure an ASA with 2 Public IP address.

Hi, I have to configure a router ASA 5505 with 2 Publics IP, our ISP give us a 3 Public IP, and actually our configuration is like this:

-----------------------------------------------------------------------

interface Vlan1

nameif inside

security-level 100

ip address 192.168.x.x 255.255.255.0

!

interface Vlan2

nameif outside

security-level 0

ip address 200.91.x.x 255.255.255.248

!

-------------------------------------------------------------------------

The problem is: If I create a new Vlan, the interface overlaps.

How can I solve that problem??

Thanks for your answers!!!

Everyone's tags (1)
1 REPLY
Hall of Fame Super Silver

You'd get better visibility

You'd get better visibility in the Firewall forum, but I can answer your question.

Typically when you have multiple addresses from a given subnet (as you imply), the additional ones are used for services that you want to setup with static NAT addresses.

The first one is, for instance, the interface Vlan 2 address and the global dynamic NAT for all outgoing traffic.

A second one could be a static NAT for incoming traffic to a server - for instance it could be for your internal email server and you would have a static NAT and an access-list entry allowing incoming traffic on tcp/25 (smtp) or - for Outlook web Access for example - tcp/443. that second (and third etc. ) address is not assigned to an interface under the interface configuration but rather via the NAT rule. (e.g. nat (inside,outside)___"

59
Views
0
Helpful
1
Replies